849 lines
33 KiB
TeX
849 lines
33 KiB
TeX
%
|
|
% Make the revision and doc number macro's then they are defined in one place
|
|
\ifthenelse {\boolean{paper}}
|
|
{
|
|
\begin{abstract}
|
|
The PT100, or platinum wire \ohms{100} sensor is
|
|
a widely used industrial temperature sensor that is
|
|
slowly replacing the use of thermocouples in many
|
|
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
|
|
|
|
This chapter looks at the most common configuration, the
|
|
four wire circuit, and analyses it from an FMEA perspective twice.
|
|
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
|
|
possibility of double faults (cardinality constrained powerset of 2).
|
|
|
|
The analysis is performed using Propositional Logic
|
|
diagrams to assist the reasoning process.
|
|
This chapter describes taking
|
|
the failure modes of the components, analysing the circuit using FMEA
|
|
and producing a failure mode model for the circuit as a whole.
|
|
Thus after the analysis the PT100 temperature sensing circuit, may be veiwed
|
|
from an FMEA persepective as a component itself, with a set of known failure modes.
|
|
|
|
\end{abstract}
|
|
}
|
|
{
|
|
\section{Overview}
|
|
The PT100, or platinum wire \ohms{100} sensor is
|
|
a widely used industrial temperature sensor that is
|
|
slowly replacing the use of thermocouples in many
|
|
industrial applications below 600\oc, due to high accuracy\cite{aoe}.
|
|
|
|
This chapter looks at the most common configuration, the
|
|
four wire circuit, and analyses it from an FMEA perspective twice.
|
|
Once considering single faults (cardinality constrained powerset of 1) and then again, considering the
|
|
possibility of double faults (cardinality constrained powerset of 2).
|
|
|
|
The analysis is performed using Propositional Logic
|
|
diagrams to assist the reasoning process.
|
|
This chapter describes taking
|
|
the failure modes of the components, analysing the circuit using FMEA
|
|
and producing a failure mode model for the circuit as a whole.
|
|
Thus after the analysis the PT100 temperature sensing circuit, may be viewed
|
|
from an FMEA perspective as a component itself, with a set of known failure modes.
|
|
}
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=400pt,bb=0 0 714 180,keepaspectratio=true]{./pt100/pt100.jpg}
|
|
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
|
|
\caption{PT100 four wire circuit}
|
|
\label{fig:pt100}
|
|
\end{figure}
|
|
|
|
|
|
\section{General Description of PT100 four wire circuit}
|
|
|
|
The PT100 four wire circuit uses two wires to supply small electrical current,
|
|
and returns two sense volages by the other two.
|
|
By measuring voltages
|
|
from sections of this circuit forming potential dividers, we can determine the
|
|
resistance of the platinum wire sensor. The resistance
|
|
of this is directly related to temperature, and may be determined by
|
|
look-up tables or a suitable polynomial expression.
|
|
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=150pt,bb=0 0 273 483,keepaspectratio=true]{./pt100/vrange.jpg}
|
|
% pt100.jpg: 714x180 pixel, 72dpi, 25.19x6.35 cm, bb=0 0 714 180
|
|
\caption{PT100 expected voltage ranges}
|
|
\label{fig:pt100vrange}
|
|
\end{figure}
|
|
|
|
|
|
The voltage ranges we expect from this three stage potential divider\footnote{
|
|
two stages are required for validation, a third stage is used to measure the current flowing
|
|
through the circuit to obtain accurate temperature readings}
|
|
are shown in figure \ref{fig:pt100vrange}. Note that there is
|
|
an expected range for each reading, for a given temperature span.
|
|
Note that the low reading goes down as temperature increases, and the higher reading goes up.
|
|
For this reason the low reading will be referred to as {\em sense-}
|
|
and the higher as {\em sense+}.
|
|
|
|
\subsection{Accuracy despite variable \\ resistance in cables}
|
|
|
|
For electronic and accuracy reasons a four wire circuit is preferred
|
|
because of resistance in the cables. Resistance from the supply
|
|
causes a slight voltage
|
|
drop in the supply to the PT100. As no significant current
|
|
is carried by the two `sense' lines, the resistance back to the ADC
|
|
causes only a negligible voltage drop, and thus the four wire
|
|
configuration is more accurate\footnote{The increased accuracy is because the voltage measured, is the voltage across
|
|
the thermistor and not the voltage across the thermistor and current supply wire resistance.}.
|
|
|
|
\subsection{Calculating Temperature from \\ the sense line voltages}
|
|
|
|
The current flowing though the
|
|
whole circuit can be measured on the PCB by reading a third
|
|
sense voltage from one of the load resistors. Knowing the current flowing
|
|
through the circuit
|
|
and knowing the voltage drop over the PT100, we can calculate its
|
|
resistance by Ohms law $V=I.R$, $R=\frac{V}{I}$.
|
|
Thus a little loss of supply current due to resistance in the cables
|
|
does not impinge on accuracy.
|
|
The resistance to temperature conversion is achieved
|
|
through the published PT100 tables\cite{eurothermtables}.
|
|
The standard voltage divider equations (see figure \ref{fig:vd} and
|
|
equation \ref{eqn:vd}) can be used to calculate
|
|
expected voltages for failure mode and temperature reading purposes.
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
|
|
% voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
|
|
\caption{Voltage Divider}
|
|
\label{fig:vd}
|
|
\end{figure}
|
|
%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
|
|
|
|
\begin{equation}
|
|
\label{eqn:vd}
|
|
V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
|
|
\end{equation}
|
|
|
|
\section{Safety case for 4 wire circuit}
|
|
|
|
This sub-section looks at the behaviour of the PT100 four wire circuit
|
|
for the effects of component failures.
|
|
All components have a set of known `failure modes'.
|
|
In other words we know that a given component can fail in several distinct ways.
|
|
Studies have been published which list common component types
|
|
and their sets of failure modes, often with MTTF statistics \cite{mil1991}.
|
|
Thus for each component, an analysis is made for each of its failure modes,
|
|
with respect to its effect on the
|
|
circuit. Each one of these scenarios is termed a `test case'.
|
|
The resultant circuit behaviour for each of these test cases is noted.
|
|
The worst case for this type of
|
|
analysis would be a fault that we cannot detect.
|
|
Where this occurs a circuit re-design is probably the only sensible course of action.
|
|
|
|
|
|
|
|
\subsection{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
|
|
|
|
\label{fmea}
|
|
This circuit simply consists of three resistors.
|
|
Resistors according to the DOD Electronic component fault handbook
|
|
1991, fail by either going OPEN or SHORT circuit \cite{mil1991}.
|
|
%Should wires become disconnected these will have the same effect as
|
|
%given resistors going open.
|
|
For the purpose of this analyis;
|
|
$R_{1}$ is the \ohms{2k2} from 5V to the thermistor,
|
|
$R_3$ is the PT100 thermistor and $R_{2}$ connects the thermistor to ground.
|
|
|
|
We can define the terms `High Fault' and `Low Fault' here, with reference to figure
|
|
\ref{fig:pt100vrange}. Should we get a reading outside the safe green zone
|
|
in the diagram we can consider this a fault.
|
|
Should the reading be above its expected range this is a `High Fault'
|
|
and if below a `Low Fault'.
|
|
|
|
Table \ref{ptfmea} plays through the scenarios of each of the resistors failing
|
|
in both SHORT and OPEN failure modes, and hypothesises an error condition in the readings.
|
|
The range {0\oc} to {300\oc} will be analysed using potential divider equations to
|
|
determine out of range voltage limits in section \ref{ptbounds}.
|
|
|
|
\begin{table}[ht]
|
|
\caption{PT100 FMEA Single Faults} % title of Table
|
|
\centering % used for centering table
|
|
\begin{tabular}{||l|c|c|l|l||}
|
|
\hline \hline
|
|
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
|
|
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
|
|
% R & wire & res + & res - & description
|
|
\hline
|
|
\hline
|
|
$R_1$ SHORT & High Fault & - & Value Out of Range Value \\ \hline
|
|
$R_1$ OPEN & Low Fault & Low Fault & Both values out of range \\ \hline
|
|
\hline
|
|
$R_3$ SHORT & Low Fault & High Fault & Both values out of range \\ \hline
|
|
$R_3$ OPEN & High Fault & Low Fault & Both values out of range \\ \hline
|
|
\hline
|
|
$R_2$ SHORT & - & Low Fault & Value Out of Range Value \\
|
|
$R_2$ OPEN & High Fault & High Fault & Both values out of range \\ \hline
|
|
\hline
|
|
\end{tabular}
|
|
\label{ptfmea}
|
|
\end{table}
|
|
|
|
From table \ref{ptfmea} it can be seen that any component failure in the circuit
|
|
should cause a common symptom, that of one or more of the values being `out of range'.
|
|
Temperature range calculations and detailed calculations
|
|
on the effects of each test case are found in section \ref{pt100range}
|
|
and \ref{pt100temp}.
|
|
|
|
|
|
|
|
\subsection{Range and PT100 Calculations}
|
|
\label{pt100temp}
|
|
PT100 resistors are designed to
|
|
have a resistance of \ohms{100} at {0\oc} \cite{aoe},\cite{eurothermtables}.
|
|
A suitable `wider than to be expected range' was considered to be {0\oc} to {300\oc}
|
|
for a given application.
|
|
According to the Eurotherm PT100
|
|
tables \cite{eurothermtables}, this corresponded to the resistances \ohms{100}
|
|
and \ohms{212.02} respectively. From this the potential divider circuit can be
|
|
analysed and the maximum and minimum acceptable voltages determined.
|
|
These can be used as bounds results to apply the findings from the
|
|
PT100 FMEA analysis in section \ref{fmea}.
|
|
|
|
As the PT100 forms a potential divider with the \ohms{2k2} load resistors,
|
|
the upper and lower readings can be calculated thus:
|
|
|
|
|
|
$$ highreading = 5V.\frac{2k2+pt100}{2k2+2k2+pt100} $$
|
|
$$ lowreading = 5V.\frac{2k2}{2k2+2k2+pt100} $$
|
|
So by defining an acceptable measurement/temperature range,
|
|
and ensuring the
|
|
values are always within these bounds we can be confident that none of the
|
|
resistors in this circuit has failed.
|
|
|
|
To convert these to twelve bit ADC (\adctw) counts:
|
|
|
|
$$ highreading = 2^{12}.\frac{2k2+pt100}{2k2+2k2+pt100} $$
|
|
$$ lowreading = 2^{12}.\frac{2k2}{2k2+2k2+pt100} $$
|
|
|
|
|
|
\begin{table}[ht]
|
|
\caption{PT100 Maximum and Minimum Values} % title of Table
|
|
\centering % used for centering table
|
|
\begin{tabular}{||c|c|c|l|l||}
|
|
\hline \hline
|
|
\textbf{Temperature} & \textbf{PT100 resistance} &
|
|
\textbf{Lower} & \textbf{Higher} & \textbf{Description} \\
|
|
\hline
|
|
% {-100 \oc} & {\ohms{68.28}} & 2.46V & 2.53V & Boundary of \\
|
|
% & & 2017\adctw & 2079\adctw & out of range LOW \\ \hline
|
|
{0 \oc} & {\ohms{100}} & 2.44V & 2.56V & Boundary of \\
|
|
& & 2002\adctw & 2094\adctw & out of range LOW \\ \hline
|
|
{+300 \oc} & {\ohms{212.02}} & 2.38V & 2.62V & Boundary of \\
|
|
& & 1954\adctw & 2142\adctw & out of range HIGH \\ \hline
|
|
\hline
|
|
\end{tabular}
|
|
\label{ptbounds}
|
|
\end{table}
|
|
|
|
Table \ref{ptbounds} gives ranges that determine correct operation. In fact it can be shown that
|
|
for any single error (short or opening of any resistor) this bounds check
|
|
will detect it.
|
|
|
|
|
|
\section{Single Fault FMEA Analysis \\ of PT100 Four wire circuit}
|
|
|
|
\subsection{Single Fault Modes as PLD}
|
|
|
|
The component~failure~modes in table \ref{ptfmea} can be represented as contours
|
|
on a PLD diagram.
|
|
Each test case, is defined by the contours that enclose
|
|
it. The test cases here deal with single faults only
|
|
and are thus enclosed by one contour each.
|
|
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc.jpg}
|
|
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
|
|
\caption{PT100 Component Failure Modes}
|
|
\label{fig:pt100_tc}
|
|
\end{figure}
|
|
|
|
%ating input Fault
|
|
This circuit supplies two results, the {\em sense+} and {\em sense-} voltage readings.
|
|
To establish the valid voltage ranges for these, and knowing our
|
|
valid temperature range for this example ({0\oc} .. {300\oc}) we can calculate
|
|
valid voltage reading ranges by using the standard voltage divider equation \ref{eqn:vd}
|
|
for the circuit shown in figure \ref{fig:vd}.
|
|
|
|
%
|
|
%\begin{figure}[h]
|
|
% \centering
|
|
% \includegraphics[width=100pt,bb=0 0 183 170,keepaspectratio=true]{./pt100/voltage_divider.png}
|
|
% % voltage_divider.png: 183x170 pixel, 72dpi, 6.46x6.00 cm, bb=0 0 183 170
|
|
% \caption{Voltage Divider}
|
|
% \label{fig:vd}
|
|
%\end{figure}
|
|
%%The looking at figure \ref{fig:vd} the standard voltage divider formula (equation \ref{eqn:vd}) is used.
|
|
%
|
|
%\begin{equation}
|
|
%\label{eqn:vd}
|
|
% V_{out} = V_{in}.\frac{Z2}{Z2+Z1}
|
|
%\end{equation}
|
|
%
|
|
|
|
|
|
\subsection{Proof of Out of Range \\ Values for Failures}
|
|
\label{pt110range}
|
|
Using the temperature ranges defined above we can compare the voltages
|
|
we would get from the resistor failures to prove that they are
|
|
`out of range'. There are six test cases and each will be examined in turn.
|
|
|
|
\subsubsection{ TC 1 : Voltages $R_1$ SHORT }
|
|
With pt100 at 0\oc
|
|
$$ highreading = 5V $$
|
|
Since the highreading or sense+ is directly connected to the 5V rail,
|
|
both temperature readings will be 5V..
|
|
$$ lowreading = 5V.\frac{2k2}{2k2+100\Omega} = 4.78V$$
|
|
With pt100 at the high end of the temperature range 300\oc.
|
|
$$ highreading = 5V $$
|
|
$$ lowreading = 5V.\frac{2k2}{2k2+212.02\Omega} = 4.56V$$
|
|
|
|
Thus with $R_1$ shorted both readings are outside the
|
|
proscribed range in table \ref{ptbounds}.
|
|
|
|
\subsubsection{ TC 2 : Voltages $R_1$ OPEN }
|
|
|
|
In this case the 5V rail is disconnected. All voltages read are 0V, and
|
|
therefore both readings are outside the
|
|
proscribed range in table \ref{ptbounds}.
|
|
|
|
|
|
\subsubsection{ TC 3 : Voltages $R_2$ SHORT }
|
|
|
|
With pt100 at 0\oc
|
|
$$ lowreading = 0V $$
|
|
Since the lowreading or sense- is directly connected to the 0V rail,
|
|
both temperature readings will be 0V.
|
|
$$ lowreading = 5V.\frac{100\Omega}{2k2+100\Omega} = 0.218V$$
|
|
With pt100 at the high end of the temperature range 300\oc.
|
|
$$ highreading = 5V.\frac{212.02\Omega}{2k2+212.02\Omega} = 0.44V$$
|
|
|
|
Thus with $R_2$ shorted both readings are outside the
|
|
proscribed range in table \ref{ptbounds}.
|
|
|
|
\subsubsection{ TC 4 : Voltages $R_2$ OPEN }
|
|
Here there is no potential divider operating and both sense lines
|
|
will read 5V, outside of the proscribed range.
|
|
|
|
|
|
\subsubsection{ TC 5 : Voltages $R_3$ SHORT }
|
|
|
|
Here the potential divider is simply between
|
|
the two 2k2 load resistors. Thus it will read a nominal;
|
|
2.5V.
|
|
|
|
Assuming the load resistors are
|
|
precision components, and then taking an absolute worst case of 1\% either way.
|
|
|
|
$$ 5V.\frac{2k2*0.99}{2k2*1.01+2k2*0.99} = 2.475V $$
|
|
|
|
$$ 5V.\frac{2k2*1.01}{2k2*1.01+2k2*0.99} = 2.525V $$
|
|
|
|
These readings both lie outside the proscribed range.
|
|
Also the sense+ and sense- readings would have the same value.
|
|
|
|
\subsubsection{ TC 6 : Voltages $R_3$ OPEN }
|
|
|
|
Here the potential divider is broken. The sense- will read 0V and the sense+ will
|
|
read 5V. Both readings are outside the proscribed range.
|
|
|
|
\subsection{Summary of Analysis}
|
|
|
|
All six test cases have been analysed and the results agree with the hypothesis
|
|
put in Table \ref{ptfmea}. The PLD diagram, can now be used to collect the
|
|
symptoms. In this case there is a common and easily detected symptom for all these single
|
|
resistor faults : Voltage out of range.
|
|
|
|
A spider can be drawn on the PLD diagram to this effect.
|
|
|
|
In practical use, by defining an acceptable measurement/temperature range,
|
|
and ensuring the
|
|
values are always within these bounds we can be confident that none of the
|
|
resistors in this circuit has failed.
|
|
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=400pt,bb=0 0 518 365,keepaspectratio=true]{./pt100/pt100_tc_sp.jpg}
|
|
% pt100_tc.jpg: 518x365 pixel, 72dpi, 18.27x12.88 cm, bb=0 0 518 365
|
|
\caption{PT100 Component Failure Modes}
|
|
\label{fig:pt100_tc_sp}
|
|
\end{figure}
|
|
|
|
|
|
\subsection{Derived Component : The PT100 Circuit}
|
|
The PT100 circuit can now be treated as a component in its own right, and has one failure mode,
|
|
{\textbf OUT\_OF\_RANGE}. It can now be represnted as a PLD see figure \ref{fig:pt100_singlef}.
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100/pt100_singlef.jpg}
|
|
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
|
|
\caption{PT100 Circuit Failure Modes : From Single Faults Analysis}
|
|
\label{fig:pt100_singlef}
|
|
\end{figure}
|
|
|
|
|
|
%From the single faults (cardinality constrained powerset of 1) analysis, we can now create
|
|
%a new derived component, the {\empt100circuit}. This has only \{ OUT\_OF\_RANGE \}
|
|
%as its single failure mode.
|
|
|
|
|
|
%Interestingly we can calculate the failure statistics for this circuit now.
|
|
%Mill 1991 gives resistor stats of ${10}^{11}$ times 6 (can we get special stats for pt100) ???
|
|
\clearpage
|
|
\subsection{Mean Time to Failure}
|
|
|
|
Now that we have a model for the failure mode behaviour of the pt100 circuit
|
|
we can look at the statistics associated with each of the failure modes.
|
|
|
|
The DOD electronic reliability of components
|
|
document MIL-HDBK-217F\cite{mil1991} gives formulae for calculating
|
|
the
|
|
%$\frac{failures}{{10}^6}$
|
|
${failures}/{{10}^6}$ % looks better
|
|
in hours for a wide range of generic components
|
|
\footnote{These figures are based on components from the 1980's and MIL-HDBK-217F
|
|
can give conservative reliability figures when applied to
|
|
modern components}.
|
|
|
|
Using the MIL-HDBK-217F\cite{mil1991} specifications for resistor and thermistor
|
|
failure statistics we calculate the reliability of this circuit.
|
|
|
|
|
|
\subsubsection{Resistor FIT Calculations}
|
|
|
|
The formula for given in MIL-HDBK-217F\cite{mil1991}[9.2] for a generic fixed film non-power resistor
|
|
is reproduced in equation \ref{resistorfit}. The meanings
|
|
and values assigned to its co-efficients are described in table \ref{tab:resistor}.
|
|
|
|
\begin{equation}
|
|
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
|
|
resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
|
|
\label{resistorfit}
|
|
\end{equation}
|
|
|
|
\begin{table}[ht]
|
|
\caption{Fixed film resistor Failure in time assessment} % title of Table
|
|
\centering % used for centering table
|
|
\begin{tabular}{||c|c|l||}
|
|
\hline \hline
|
|
\em{Parameter} & \em{Value} & \em{Comments} \\
|
|
& & \\ \hline \hline
|
|
${\lambda}_{b}$ & 0.00092 & stress/temp base failure rate $60^o$ C \\ \hline
|
|
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
|
|
${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
|
|
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
|
|
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
|
|
|
|
\hline \hline
|
|
\end{tabular}
|
|
\label{tab:resistor}
|
|
\end{table}
|
|
|
|
Applying equation \ref{resistorfit} with the parameters from table \ref{tab:resistor}
|
|
give the following failures in ${10}^6$ hours:
|
|
|
|
\begin{equation}
|
|
0.00092 \times 1.0 \times 15.0 \times 1.0 = 0.0138 \;{failures}/{{10}^{6} Hours}
|
|
\label{eqn:resistor}
|
|
\end{equation}
|
|
|
|
While MIL-HDBK-217F gives MTTF for a wide range of common components,
|
|
it does not specify how the components will fail (in this case OPEN or SHORT). {Some standards, notably EN298 only consider resistors failing in OPEN mode}.
|
|
FMD-97 gives 27\% OPEN and 3\% SHORTED, for resistors under certain electrical and environmental stresses. This example
|
|
compromises and uses a 90:10 ratio, for resistor failure.
|
|
Thus for this example resistors are expected to fail OPEN in 90\% of cases and SHORTED
|
|
in the other 10\%.
|
|
A standard fixed film resistor, for use in a benign environment, non military spec at
|
|
temperatures up to 60\oc is given a probability of 13.8 failures per billion ($10^9$)
|
|
hours of operation (see equation \ref{eqn:resistor}).
|
|
This figure is referred to as a FIT\footnote{FIT values are measured as the number of
|
|
failures per Billion (${10}^9$) hours of operation, (roughly 114,000 years). The smaller the
|
|
FIT number the more reliable the fault~mode} Failure in time.
|
|
|
|
The formula given for a thermistor in MIL-HDBK-217F\cite{mil1991}[9.8] is reproduced in
|
|
equation \ref{thermistorfit}. The variable meanings and values are described in table \ref{tab:thermistor}.
|
|
|
|
\begin{equation}
|
|
% fixed comp resistor{\lambda}_p = {\lambda}_{b}{\pi}_{R}{\pi}_Q{\pi}_E
|
|
resistor{\lambda}_p = {\lambda}_{b}{\pi}_Q{\pi}_E
|
|
\label{thermistorfit}
|
|
\end{equation}
|
|
|
|
\begin{table}[ht]
|
|
\caption{Bead type Thermistor Failure in time assessment} % title of Table
|
|
\centering % used for centering table
|
|
\begin{tabular}{||c|c|l||}
|
|
\hline \hline
|
|
\em{Parameter} & \em{Value} & \em{Comments} \\
|
|
& & \\ \hline \hline
|
|
${\lambda}_{b}$ & 0.021 & stress/temp base failure rate bead thermistor \\ \hline
|
|
%${\pi}_T$ & 4.2 & max temp of $60^o$ C\\ \hline
|
|
%${\pi}_R$ & 1.0 & Resistance range $< 0.1M\Omega$\\ \hline
|
|
${\pi}_Q$ & 15.0 & Non-Mil spec component\\ \hline
|
|
${\pi}_E$ & 1.0 & benign ground environment\\ \hline
|
|
|
|
\hline \hline
|
|
\end{tabular}
|
|
\label{tab:thermistor}
|
|
\end{table}
|
|
|
|
|
|
\begin{equation}
|
|
0.021 \times 1.0 \times 15.0 \times 1.0 = 0.315 \; {failures}/{{10}^{6} Hours}
|
|
\label{eqn:thermistor}
|
|
\end{equation}
|
|
|
|
|
|
Thus thermistor, bead type, non military spec is given a FIT of 315.0
|
|
|
|
Using the RIAC finding we can draw up the following table (table \ref{tab:stat_single}),
|
|
showing the FIT values for all faults considered.
|
|
|
|
|
|
|
|
\begin{table}[h+]
|
|
\caption{PT100 FMEA Single // Fault Statistics} % title of Table
|
|
\centering % used for centering table
|
|
\begin{tabular}{||l|c|c|l|l||}
|
|
\hline \hline
|
|
\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{MTTF} \\
|
|
\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{per $10^9$ hours of operation} \\
|
|
% R & wire & res + & res - & description
|
|
\hline
|
|
\hline
|
|
TC:1 $R_1$ SHORT & High Fault & - & 1.38 \\ \hline
|
|
TC:2 $R_1$ OPEN & Low Fault & Low Fault & 12.42\\ \hline
|
|
\hline
|
|
TC:3 $R_3$ SHORT & Low Fault & High Fault & 31.5 \\ \hline
|
|
TC:4 $R_3$ OPEN & High Fault & Low Fault & 283.5 \\ \hline
|
|
\hline
|
|
TC:5 $R_2$ SHORT & - & Low Fault & 1.38 \\
|
|
TC:6 $R_2$ OPEN & High Fault & High Fault & 12.42 \\ \hline
|
|
\hline
|
|
\end{tabular}
|
|
\label{tab:stat_single}
|
|
\end{table}
|
|
|
|
The FIT for the circuit as a whole is the sum of MTTF values for all the
|
|
test cases. The PT100 circuit here has a FIT of 342.6. This is a MTTF of
|
|
about 360 years per circuit.
|
|
|
|
A Probablistic tree can now be drawn, with a FIT value for the PT100
|
|
circuit and FIT values for all the component fault modes that it was calculated from.
|
|
We can see from this that that the most likely fault is the thermistor going OPEN.
|
|
This circuit is around 10 times more likely to fail in this way than in any other.
|
|
Were we to need a more reliable temperature sensor this would probably
|
|
be the fault~mode we would scrutinise first.
|
|
|
|
|
|
\begin{figure}[h+]
|
|
\centering
|
|
\includegraphics[width=400pt,bb=0 0 856 327,keepaspectratio=true]{./pt100/stat_single.jpg}
|
|
% stat_single.jpg: 856x327 pixel, 72dpi, 30.20x11.54 cm, bb=0 0 856 327
|
|
\caption{Probablistic Fault Tree : PT100 Single Faults}
|
|
\label{fig:stat_single}
|
|
\end{figure}
|
|
|
|
|
|
The PT100 analysis presents a simple result for single faults.
|
|
The next analysis phase looks at how the circuit will behave under double simultaneous failure
|
|
conditions.
|
|
|
|
\clearpage
|
|
\section{ PT100 Double Simultaneous \\ Fault Analysis}
|
|
|
|
In this section we examine the failure mode behaviour for all single
|
|
faults and double simultaneous faults.
|
|
This corresponds to the cardinality constrained powerset of
|
|
the failure modes in the functional group.
|
|
All the single faults have already been proved in the last section.
|
|
For the next set of test cases, let us again hypothesise
|
|
the failure modes, and then examine each one in detail with
|
|
potential divider equation proofs.
|
|
|
|
Table \ref{tab:ptfmea2} lists all the combinations of double
|
|
faults and then hypothesises how the functional~group will react
|
|
under those conditions.
|
|
|
|
\begin{table}[ht]
|
|
\caption{PT100 FMEA Double Faults} % title of Table
|
|
\centering % used for centering table
|
|
\begin{tabular}{||l|l|c|c|l|l||}
|
|
\hline \hline
|
|
\textbf{TC} &\textbf{Test} & \textbf{Result} & \textbf{Result } & \textbf{General} \\
|
|
\textbf{number} &\textbf{Case} & \textbf{sense +} & \textbf{sense -} & \textbf{Symtom Description} \\
|
|
% R & wire & res + & res - & description
|
|
\hline
|
|
\hline
|
|
TC 7: & $R_1$ OPEN $R_2$ OPEN & Floating input Fault & Floating input Fault & Unknown value readings \\ \hline
|
|
TC 8: & $R_1$ OPEN $R_2$ SHORT & low & low & Both out of range \\ \hline
|
|
\hline
|
|
TC 9: & $R_1$ OPEN $R_3$ OPEN & high & low & Both out of Range \\ \hline
|
|
TC 10: & $R_1$ OPEN $R_3$ SHORT & low & low & Both out of range \\ \hline
|
|
\hline
|
|
|
|
TC 11: & $R_1$ SHORT $R_2$ OPEN & high & high & Both out of range \\ \hline
|
|
TC 12: & $R_1$ SHORT $R_2$ SHORT & high & low & Both out of range \\ \hline
|
|
\hline
|
|
TC 13: & $R_1$ SHORT $R_3$ OPEN & high & low & Both out of Range \\ \hline
|
|
TC 14: & $R_1$ SHORT $R_3$ SHORT & high & high & Both out of range \\ \hline
|
|
|
|
\hline
|
|
TC 15: & $R_2$ OPEN $R_3$ SHORT & high & Floating input Fault & sense+ out of range \\ \hline
|
|
TC 16: & $R_2$ OPEN $R_3$ SHORT & high & high & Both out of Range \\ \hline
|
|
TC 17: & $R_2$ SHORT $R_3$ OPEN & high & low & Both out of Range \\ \hline
|
|
TC 18: & $R_2$ SHORT $R_3$ SHORT & low & low & Both out of Range \\ \hline
|
|
\hline
|
|
\end{tabular}
|
|
\label{tab:ptfmea2}
|
|
\end{table}
|
|
|
|
\subsection{Verifying complete coverage for a \\ cardinality constrained powerset of 2}
|
|
|
|
|
|
|
|
It is important to check that we have covered all possible double fault combinations.
|
|
We can use the equation \ref{eqn:correctedccps2}
|
|
\ifthenelse {\boolean{paper}}
|
|
{
|
|
from the definitions paper
|
|
\ref{pap:compdef}
|
|
,
|
|
reproduced below to verify this.
|
|
|
|
\indent{
|
|
where:
|
|
\begin{itemize}
|
|
\item The set $SU$ represents the components in the functional~group, where all components are guaranteed to have unitary state failure modes.
|
|
\item The indexed set $C_j$ represents all components in set $SU$.
|
|
\item The function $FM$ takes a component as an argument and returns its set of failure modes.
|
|
\item $cc$ is the cardinality constraint, here 2 as we are interested in double and single faults.
|
|
\end{itemize}
|
|
}
|
|
\begin{equation}
|
|
|{\mathcal{P}_{cc}SU}| = {\sum^{k}_{1..cc} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
|
|
- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
|
|
\label{eqn:correctedccps2}
|
|
\end{equation}
|
|
|
|
}
|
|
{
|
|
\begin{equation}
|
|
|{\mathcal{P}_{cc}SU}| = {\sum^{cc}_{k=1} \frac{|{SU}|!}{k!(|{SU}| - k)!}}
|
|
- {{\sum^{j}_{j \in J} \frac{|FM({C_j})|!}{2!(|FM({C_j})| - 2)!}} }
|
|
%\label{eqn:correctedccps2}
|
|
\end{equation}
|
|
}
|
|
|
|
|
|
$|FM(C_j)|$ will always be 2 here, as all the components are resistors and have two failure modes.
|
|
|
|
%
|
|
% Factorial of zero is one ! You can only arrange an empty set one way !
|
|
|
|
Populating this equation with $|SU| = 6$ and $|FM(C_j)|$ = 2.
|
|
%is always 2 for this circuit, as all the components are resistors and have two failure modes.
|
|
|
|
\begin{equation}
|
|
|{\mathcal{P}_{2}SU}| = {\sum^{k}_{1..2} \frac{6!}{k!(6 - k)!}}
|
|
- {{\sum^{j}_{1..3} \frac{2!}{p!(2 - p)!}} }
|
|
%\label{eqn:correctedccps2}
|
|
\end{equation}
|
|
|
|
$|{\mathcal{P}_{2}SU}|$ is the number of valid combinations of faults to check
|
|
under the conditions of unitary state failure modes for the components (a resistor cannot fail by being shorted and open at the same time).
|
|
|
|
Expanding the sumations
|
|
|
|
|
|
$$ NoOfTestCasesToCheck = \frac{6!}{1!(6-1)!} + \frac{6!}{2!(6-2)!} - \Big( \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} + \frac{2!}{2!(2 - 2)!} \Big) $$
|
|
|
|
$$ NoOfTestCasesToCheck = 6 + 15 - ( 1 + 1 + 1 ) = 18 $$
|
|
|
|
As the test case are all different and are of the correct cardinalities (6 single faults and (15-3) double)
|
|
we can be confident that we have looked at all `double combinations', of the possible faults
|
|
in the pt100 circuit. The next task is to investigate
|
|
these test cases in more detail to prove the failure mode hypothesis set out in table \ref{tab:ptfmea2}.
|
|
|
|
|
|
\subsection{Proof of Double Faults Hypothesis }
|
|
|
|
\subsubsection{ TC 7 : Voltages $R_1$ OPEN $R_2$ OPEN }
|
|
\label{pt100:bothfloating}
|
|
This double fault mode produces an interesting symptom.
|
|
Both sense lines are floating.
|
|
We cannot know what the {\adctw} readings on them will be.
|
|
In practise these would probably float to low values
|
|
but for the purpose of a safety critical analysis
|
|
all we can say is the values are `floating' and `unknown'.
|
|
This is an interesting case, because it is, at this stage an undetectable
|
|
fault that must be handled.
|
|
|
|
|
|
\subsubsection{ TC 8 : Voltages $R_1$ OPEN $R_2$ SHORT }
|
|
|
|
This cuts the supply from Vcc. Both sense lines will be at zero.
|
|
Thus both values will be out of range.
|
|
|
|
|
|
\subsubsection{ TC 9 : Voltages $R_1$ OPEN $R_3$ OPEN }
|
|
|
|
Sense- will be floating.
|
|
Sense+ will be tied to Vcc and will thus be out of range.
|
|
|
|
\subsubsection{ TC 10 : Voltages $R_1$ OPEN $R_3$ SHORT }
|
|
|
|
This shorts ground to the
|
|
both of the sense lines.
|
|
Both values thuis out of range.
|
|
|
|
\subsubsection{ TC 11 : Voltages $R_1$ SHORT $R_2$ OPEN }
|
|
|
|
This shorts both sense lines to Vcc.
|
|
Both values will be out of range.
|
|
|
|
|
|
\subsubsection{ TC 12 : Voltages $R_1$ SHORT $R_2$ SHORT }
|
|
|
|
This shorts the sense+ to Vcc and the sense- to ground.
|
|
Both values will be out of range.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
\subsubsection{ TC 13 : Voltages $R_1$ SHORT $R_3$ OPEN }
|
|
|
|
This shorts the sense+ to Vcc and the sense- to ground.
|
|
Both values will be out of range.
|
|
|
|
\subsubsection{ TC 14 : Voltages $R_1$ SHORT $R_3$ SHORT }
|
|
|
|
This shorts the sense+ and sense- to Vcc.
|
|
Both values will be out of range.
|
|
|
|
\subsubsection{ TC 15 : Voltages $R_2$ OPEN $R_3$ OPEN }
|
|
|
|
This shorts the sense+ to Vcc and causes sense- to float.
|
|
The sense+ value will be out of range.
|
|
|
|
|
|
\subsubsection{ TC 16 : Voltages $R_2$ OPEN $R_3$ SHORT }
|
|
|
|
This shorts the sense+ and sense- to Vcc.
|
|
Both values will be out of range.
|
|
|
|
|
|
|
|
|
|
|
|
\subsubsection{ TC 17 : Voltages $R_2$ SHORT $R_3$ OPEN }
|
|
|
|
This shorts the sense- to Ground.
|
|
The sense- value will be out of range.
|
|
|
|
|
|
\subsubsection{ TC 18 : Voltages $R_2$ SHORT $R_3$ SHORT }
|
|
|
|
This shorts the sense+ and sense- to Vcc.
|
|
Both values will be out of range.
|
|
|
|
\clearpage
|
|
\subsection{Double Faults Represented on a PLD Diagram}
|
|
|
|
We can show the test cases on a diagram with the double faults residing on regions
|
|
corresponding to overlapping contours see figure \ref{fig:plddouble}.
|
|
Thus $TC\_18$ will be enclosed by the $R2\_SHORT$ contour and the $R3\_SHORT$ contour.
|
|
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{pt100/plddouble.jpg}
|
|
% plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641
|
|
\caption{PT100 Double Simultaneous Faults}
|
|
\label{fig:plddouble}
|
|
\end{figure}
|
|
|
|
The usefulnes of equation \ref{eqn:correctedccps2} is apparent. From the diagram it is easy to verify
|
|
the number of failure modes considered for each test case, but complete coverage for
|
|
a given cardinality constraint is not visually obvious.
|
|
|
|
\subsubsection{Symptom Extraction}
|
|
|
|
We can now examine the results of the test case analysis and apply symptom abstraction.
|
|
In all the test case results we have at least one an out of range value, except for
|
|
$TC\_7$
|
|
which has two unknown values/floating readings. We can collect all the faults, except $TC\_7$,
|
|
into the symptom $OUT\_OF\_RANGE$.
|
|
As a symptom $TC\_7$ could be described as $FLOATING$. We can thus draw a PLD diagram representing the
|
|
failure modes of this functional~group, the pt100 circuit from the perspective of double simultaneous failures,
|
|
in figure \ref{fig:dubsim}.
|
|
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=450pt,bb=0 0 730 641,keepaspectratio=true]{pt100/plddoublesymptom.jpg}
|
|
% plddouble.jpg: 730x641 pixel, 72dpi, 25.75x22.61 cm, bb=0 0 730 641
|
|
\caption{PT100 Double Simultaneous Faults}
|
|
\label{fig:plddoublesymptom}
|
|
\end{figure}
|
|
|
|
|
|
\clearpage
|
|
\subsection{Derived Component : The PT100 Circuit}
|
|
The PT100 circuit again, can now be treated as a component in its own right, and has two failure modes,
|
|
{\textbf{OUT\_OF\_RANGE}} and {\textbf{FLOATING}}.
|
|
It can now be represented as a PLD see figure \ref{fig:pt100_doublef}.
|
|
|
|
\begin{figure}[h]
|
|
\centering
|
|
\includegraphics[width=100pt,bb=0 0 167 194,keepaspectratio=true]{./pt100/pt100_doublef.jpg}
|
|
% pt100_singlef.jpg: 167x194 pixel, 72dpi, 5.89x6.84 cm, bb=0 0 167 194
|
|
\caption{PT100 Circuit Failure Modes : From Double Faults Analysis}
|
|
\label{fig:pt100_doublef}
|
|
\end{figure}
|
|
|
|
\subsection{Statistics}
|
|
|
|
%%
|
|
%% Need to talk abou the `detection time'
|
|
%% or `Safety Relevant Validation Time' ref can book
|
|
%% EN61508 gives detection calculations to reduce
|
|
%% statistical impacts of failures.
|
|
%%
|
|
|
|
If we consider the failure modes to be statistically independent we can calculate
|
|
the FIT values for all the failures. The failure mode of concern, the undetectable {\textbf{FLOATING}} condition
|
|
requires that resistors $R_1$ and $R_2$ fail. We can multiply the MTTF
|
|
together and find an MTTF for both failing. The FIT value of 12.42 corresponds to
|
|
$12.42 \times {10}^{-9}$ failures per hour. Squaring this gives $ 154.3 \times {10}^{-18} $.
|
|
This is an astronomically small MTTF, and so small that it would
|
|
probably fall below a threshold to sensibly consider.
|
|
However, it is very interesting from a failure analysis perspective,
|
|
because here we have found a fault that we cannot detect at this
|
|
level. This means that should we wish to cope with
|
|
this fault, we need to devise a way of detecting this
|
|
condition in higher levels of the system.
|
|
|
|
|
|
|
|
\vspace{20pt}
|
|
|
|
%typeset in {\Huge \LaTeX} \today
|